Member Contract Due Diligence
The Federal Financial Institutions Examinations Council (FFIEC) issued guidance for financial institutions to use when performing vendor due diligence. Each of the topics from FFIEC’s checklist is provided with associated links for additional information.
Asterisked items require access to Premier View. Click here to log in.
Alloya provides contracts for its products and services. Members physically sign a Master Membership Contract (MMC), in which they agree to the terms of the Master Membership Agreement (MMA). The MMA contains most of the basic terms for all agreements. Members may also agree to Product Operating Agreements (POAs) for desired products. The MMA and POAs are accepted electronically in Premier View and all agreements are stored and available in Premier View.
*Requires access to Premier View. Click here to log in.
The Scope of Services is contained in the MMA, MMC, and as applicable in the various POAs.
*Requires access to Premier View. Click here to log in.
Performance Standards are contained in the MMA and Alloya also publishes Service Level Standards in its Due Diligence Center.
*Requires access to Premier View. Click here to log in.
Security and Confidentiality are addressed in the MMA, Sections X, XVII, XIX.2, and XX and as applicable in the various POAs. Alloya also publishes information on this on its Due Diligence Site.
*Requires access to Premier View. Click here to log in.
Controls are addressed in the MMA and as needed in the various POAs. Alloya also publishes its Service Standards on its Due Diligence Center. Specific items include:
- Internal Controls
- Compliance with Regulation – See MMA, Section XXI*
- Records Maintenance
- Access to Records
Most member information Alloya has is received from the member at its request. Such data is almost always available to the member via its own systems. Therefore, Alloya will consider member access to records on a case by case basis.
- Notification Requirements – See MMA, Section XII.3*
- Setting and Monitoring Parameters - See MMA, Section X*
- Insurance Coverage
*Requires access to Premier View. Click here to log in.
Alloya is required by Regulation to have an annual CPA audit. It publishes its audited financial statements, including attestation to its internal control environment at least annually. Monthly unaudited financial statements are also provided. Alloya provides monthly and annual reporting, including financial data, per regulation. NCUA subsequently makes this information available publicly on their website.
- Annual financials
- Monthly financials - (linked to NCUA 5310)
Please see the MMA and applicable POAs for reporting. Alloya is required by Regulation to have an annual CPA audit. It publishes its audited financial statements, including attestation to its internal control environment at least annually. Monthly unaudited financial statements are also provided. Alloya also files monthly call reports with NCUA that are available on NCUA’s website. Alloya also publishes its Service Level Standards and information on its Business Continuity Planning.
Business continuity is addressed as applicable in specific POAs. Further, like its members, Alloya must adhere to the same regulatory requirements for business continuity management including developing and testing business continuity plans. Alloya provides an overview of its business continuity program and its Recovery Time Objectives (RTO) by system.
Review Alloya's Pandemic Response Plan for COVID-19.
Part of the Alloya business model is to partner with third party providers for selected products and services. Alloya’s MMA and POAs are designed such that contractual liability for offering products and services, as well as safeguarding information is maintained between the member and Alloya. In turn, Alloya negotiates contracts with third-parties with similar safeguards and contractual liabilities. In general, should there be an issue a third-party provider, the contractual liability is Alloya’s as the member would look to Alloya. To manage this risk, Alloya has an extensive Vendor Management Program (VMP) that follows this FFIEC guidance as well as other best practices. Additional information is provided on the Due Diligence site.
Alloya’s MMC, Section IV.2 and selected POAs address pricing.* Alloya publishes its fee schedule to members on a periodic basis and at least annually. Alloya may changes prices with 60-days notice. Members also can terminate any POA or the MMA with 60-days notice.
*Requires access to Premier View. Click here to log in.
In applicable cases, Alloya licenses software from other providers and in turn re-licenses it to its members under a separate agreement with the vendor. Allowable use is contained in the MMA, Section XIX and POAs as applicable.* Alloya provides information on Intellectual Property on its Due Diligence site.
- Intellectual Property
- Alloya’s confidentiality agreements extend to intellectual property and Alloya agrees to treat members’ intellectual property with the same due care as its own. See MMA, Section XVII* and the Privacy Policy.
*Requires access to Premier View. Click here to log in.
Alloya’s contract generally do not have any durations and any can be terminated with 60-days notice for any reason.
Alloya’s contracts do not contain a process for dispute resolutions, for example the use of arbitration. There are two primary reasons for this. First, Alloya is a cooperative founded for its members’ benefit. Alloya places an extremely high value on its members and always seeks to resolve those disputes amicably. Second, all contracts provide for a 60-day termination by the member for any reason or no reason. This also places significant pressure on Alloya to resolve disputes timely.
Please see MMA, Section V and POAs as applicable.
*Requires access to Premier View. Click here to log in.
Please see MMA, Section V and POAs as applicable.
*Requires access to Premier View. Click here to log in.
Alloya has taken the unique stance of having its member contracts have no term and a 60-day termination clause for any reason or no reason. We believe this helps ensure we meet and exceed members’ expectations each day. Please see MMC, Section III.
*Requires access to Premier View. Click here to log in.
Alloya may assign contracts with reasonable notice and members may assign contracts with Alloya’s written permission, which shall not be unreasonably withheld. See MMA, Section VIII.*
*Requires access to Premier View. Click here to log in.
Alloya does not use any foreign-based service providers.
Alloya complies with all applicable rules, regulations, and laws. As a Federal Credit Union, Alloya compliance with these is regularly tested by its Regulator, NCUA, as well as by various internal and external audits. See MMA, Section XXI.
*Requires access to Premier View. Click here to log in.